What is an Account Takeover?
Account takeover is an attack in which cybercriminals seize ownership of online accounts by using stolen passwords and usernames, then use these credentials to commit fraud. They purchase personal information via the dark web—information collected through social engineering or data breaches. This information provides the necessary credentials for a fraudster to pose as a consumer. With this information, scammers can trick a consumer's financial institution into making changes to their accounts or card settings. They may change phone numbers, emails, or passcodes, apply for increased limits, or change the account holder's PIN and/or travel exemptions to interfere with the institution's fraud-monitoring tools.
Schemes that Contribute to Account Takeovers
Skimming & Malware
Deployment of card skimmers or malware to point-of-sale terminals continues to be a widespread method for stealing data. Compared to years past, small local businesses are more likely to be compromised and have their data harvested. Stolen data is then passed through remote, wireless technologies with increasing frequency.
Phishing, Vishing & Smishing
Phishing, Vishing, and Smishing are methods of data theft that involve tricking consumers into revealing confidential information. These schemes use social engineering combined with modern technology to deceive consumers into revealing critical information while disregarding legitimate fraud warnings.
Phishing schemes are becoming more frequent, more targeted (called "spear-phishing"), and more difficult to identify than in the past. They utilize email to trick consumers into revealing personal information such as passwords or credit card numbers. Rather than relying on suspicious links in poorly designed emails, phishing emails mimic legitimate websites and appear more polished and credible. By using URL shortening tools such as TinyURL, scammers make detection of suspicious links difficult for even the most keen-eyed of users. Red flags can include mistakes in hyperlinks, grammar or punctuation.
Smishing is the fraudulent practice of sending text messages claiming to be from reputable companies to induce consumers to reveal their personal information, such as passwords or credit card numbers. Vishing is the same fraudulent practice enacted via phone calls. In both instances, consumers may be sent a voice or text message with transaction details requesting confirmation from the consumer. When they respond, they may be questioned for account details or asked to call back and provide account information. In some instances, they are sent a one-time passcode and instructed to reply "No Fraud" to the message.
Malware
Malicious software is a significant threat to the security of financial data. One such type of malware is a Man-in-the-Browser attack, where malicious software is installed on a consumer's computer in the background when the user is downloading some otherwise innocuous file. The malware is then able to monitor and hijack user web sessions to transfer funds or harvest payment cards and online banking credentials, while redirecting the consumer to a fictitious error page. This type of malware often deploys automatically when a user visits a compromised website.
How Should Consumers Protect Themselves?
Preventing account takeover is a joint effort between your financial institution and yourself. There are steps you should take to ensure you don't end up the victim of identity theft.
- If you are concerned about an automated message, do not respond to the call, text, or email. Contact the company in question via their official customer service number listed on their website. Do not contact any number provided by a suspicious caller or message and do not click on any links.
- Respond quickly if you notice unexplained activity on your accounts or suspect you may have been the victim of a data harvesting scheme. Contact your financial institution immediately to help mitigate your losses.
- Always be aware of what information you choose to submit online and never easily provide access to your personal information.
- Maintain an up-to-date, secure operating system along with robust security and anti-malware software. Rely on multiple layers of protection and security tools.
- Keep your two-factor authentication codes private. Never provide them via phone, text, or email. These should only be used to sign into banking, merchant, or payment accounts when you are actively trying to access them.
We have recently received a number of calls from New Tripoli Bank customers who have been contacted by someone claiming to be from the bank and asking for personal information. These calls show up on the customer's phone with the caller ID saying they are from New Tripoli Bank, but the actual phone number of the caller is not one associated with the bank.
This is a common tactic used by scammers to create a sense of trust in their targets, to make them more likely to give up information. We want to remind our customers that New Tripoli Bank will never request a customer's personal, confidential information (bank card number, account number, social security number, personal identification number, or password) through telephone contact. If you should ever receive a telephone call requesting your personal confidential information that appears to be from New Tripoli Bank, do not respond to the caller and contact us immediately at (610) 298-8811.
You can learn more about how to protect yourself by reading our articles on identity theft and frauds, scams and phishing along with other topics on our security page.

We have received an increasing number of reports in recent weeks of customers falling victim to a type of scam known as a tech support scam. In this type of scam, the victim encounters a pop-up on their computer that looks like a normal notification you would receive from your system or antivirus software, often using logos from trusted companies or websites. The notification warns you about a security issue on your computer and instructs you to either call a phone number for help or to click a link to a spoofed tech support page.
There are a number of things scammers will try to do in these types of scams:
Install malware on your computer. Scammers will pose as tech support in order to convince you to give them remote access to your computer and then pretend to run a diagnostic test. What they are actually doing is installing malware or keyloggers onto your device so they can steal your personal information.
Steal personal information. Scammers create phony websites that look like the real deal to prey on your trust and convince you to enter personal information into their fake site, which then allows them to steal your identity and commit fraud.
Ask for money. A scammer will pose as a tech support representative, pretend to fix whatever issue the pop-up claimed was wrong with your computer, and then charge you for their "service." If someone asks you to purchase gift cards as payment, it is definitely a scammer. Legitimate businesses will never ask for gift cards as payment.
If you receive a pop-up notification on your computer that includes a phone number or asks you to click a link, do not call the number or click the link! Security pop-up warnings from real tech companies will never ask you to call a phone number or click on a link. Legitimate tech companies will also never contact you by phone, email or text message to tell you there's a problem with your computer.
Your best defense against these types of scams is keeping your computer's security software up-to-date. If you think you are being targeted by a tech support scam, do not click on the notification and instead have your security system run a scan of your computer for malware. Should you need any help fixing a problem, go to someone you know and trust. Visit your manufacturer's website directly to find online support or a phone number for their tech support.

What To Do If You Were Scammed
If you gave the scammer remote access to your computer, update your computer's security software, then run a scan and delete anything the scan identifies as an issue.
If you gave login information to a tech support scammer, change your passwords right away. Make sure you also change the password on any accounts or sites with the same password. Make sure you use a strong password.
If you paid a tech support scammer with your credit or debit card, contact the credit card company or your bank immediately. Tell them what happened and ask if they can reverse the charges.
If you paid with a gift card, contact the company that issued the gift card right away to see if they can refund your money. Remember: legitimate businesses will not ask for gift cards as payment!

The wave of mail check fraud and mail theft continues to affect communities throughout Lehigh County. In a recent news release, PA state police asked for public assistance to identify a vehicle connected with multiple thefts from residential mailboxes. The latest thefts took place on the 5100 block of Arrowhead Drive in North Whitehall Township, where police report two men in a maroon sedan stole mail from a mailbox. State troopers then responded to a second theft in the 7900 block of Saegersville Road in Heidelberg Township, where men in a maroon sedan were seen stealing mail from a mailbox. Authorities have asked that anyone with information related to these thefts contact state police at Bethlehem at (610) 861-2026.
As always, New Tripoli Bank recommends customers take steps to protect their sensitive financial information from mail theft and mail check fraud:
- Set up online bill pay using our online or mobile banking tools, if you feel comfortable doing so. You can learn more about setting up automated bill pay here.
- If you want to continue mailing checks, we recommend you drop them off at your local Post Office or hand them directly to a USPS employee.
We also advise our customers to write their checks out in gel or felt tip pen to help prevent the check from being altered. If you plan to use a blue mailbox to mail checks, try to deposit your checks around the time of the last mail collection of the day so the check does not sit in the mailbox for long.
If you have been a victim of a scam, whether it be check fraud or another scam, please reach out to New Tripoli Bank at 610-298-8811 and we can help you. You can also contact the U.S. Postal Inspection Service at 1-877-876-2455 or visit https://www.uspis.gov/report to file a report.
For more information on mail check fraud, you can watch our Helpful Hints video on the topic!

With the government unveiling its sweeping new student loan forgiveness plan, millions of Americans are going to be looking for a piece of the debt relief package. This is the ideal setting for scammers to swoop in and take advantage of people's eagerness, tricking them into giving up sensitive personal and financial information.
You may be asking yourself "what do I have to do to claim this student loan relief?" You can read the full statement from the White House about the loan forgiveness program here https://studentaid.gov/debt-relief-announcement/
Before you click any email links or enter personal information into unfamiliar websites claiming to be official government pages, here are some tips to keep yourself ahead of the scammers trying to steal your identity.
Subscribe to official email updates from the Department of Education. As part of their announcement of the debt relief plan, the White House has set up a website where you can register to be notified when the loan forgiveness process officially opens. If you are seeking Public Service Loan Forgiveness, visit PLSF.gov to learn more and apply.
Never click on links from unexpected emails. If you haven't signed up for official updates from the Department of Education and you receive an official-looking email regarding student debt relief, don't reply or open any attachments. Before clicking any links, mouse over the link to see if the address pop-up contains a legitimate .gov URL.
Don't email personal and/or financial information. Email systems are not encrypted; therefore, emails should not contain confidential information. If you are asked to visit a website to provide personal or financial information, you should instead visit https://studentaid.gov/ to confirm the loan forgiveness process is officially open; this is the official website of the debt relief program and any application process will be located here.
Don't be fooled by urgent requests. The government will provide a very clear timeline well in advance of any cutoff date for applications. If you receive an email emphasizing the urgency of filling out an application and/or submitting information, this is most likely a scammer trying to take advantage of you.
Ignore anyone asking for money in exchange for debt relief. The government's debt relief program is entirely funded by taxpayers and will not require you to send money to anyone.
If you think you or someone you know has been the target of a scam, you should contact your financial institution as well as the FTC.

Scam artists are impersonating the Department of Revenue by sending Pennsylvania business owners fraudulent letters in the mail that direct them to turn over their accounting records. The goal of this ploy is to trick unsuspecting taxpayers into providing sensitive financial information, which the criminals behind the scheme can use for a number of illicit activities that could seriously harm a business' financial standing.
"This is a prime example of fraudsters impersonating a government agency as they try to convince hardworking Pennsylvanians to turn over sensitive information about their businesses," Revenue Secretary Dan Hassell said. "We are urging Pennsylvania business owners to be on high alert if they receive a suspicious notice that includes the Department of Revenue name and logo. If you have any doubt at all about the legitimacy of a notice from the department, please use the contact information listed on our website, revenue.pa.gov. This is the best way to ensure you are speaking with a legitimate staff member at the Department of Revenue."
Understanding the Scam
The goal of this scam is to make the recipient of the letter believe they are being investigated by the Department of Revenue for an "alleged violation of delinquent sales tax liability." The letter also threatens taxpayers by saying penalties will be imposed on their accounts. Further, the letter includes contact information for a "Resolution Officer" and urges the business owner to provide accounting records prepared by a licensed professional, such as an attorney or CPA.
Providing this information allows the scammers to comb through the accounting records for sensitive information such as bank account numbers and other financial data, which could be used to make unauthorized transactions, request fraudulent tax refunds, and even apply for loans under the name of the business.
Although these counterfeit notices bear the department's name and logo, the notices include suspicious and inaccurate details that can help differentiate between a counterfeit notice sent by a scam artist and a legitimate notice sent by the Department of Revenue. Be on the lookout for notices that make dubious claims or include suspicious details. Here are some tips to keep in mind:
- The counterfeit notice does not include a return address. A notice from the Department of Revenue will always include an official Department of Revenue address as the return address.
- The counterfeit notice addresses the recipient as "Dear Business Owner." When the Department of Revenue attempts to contact a business through a notice in the mail, the notice typically addresses the business owner or business name.
- The counterfeit notice is sent by the "Pennsylvania Department of Revenue Tax Investigation & Enforcement Unit" and claims the business is "under investigation by the Pennsylvania State Revenue and Cash Disbursement Unit." While the department does conduct criminal tax investigations and tax enforcement, the units listed on the counterfeit notice are phony. Reach out to the department directly, as advised below, to determine if the "Unit" named exists.
- The counterfeit notice claims that the business has not registered their "entity with the Pennsylvania Department of State and The Sales and Use Tax Division." If you are an established business in Pennsylvania, it is likely that you already registered your business with the Pennsylvania Department of State and have registered for a sales tax license by completing the Department of Revenue's PA Online Business Entity Registration (PA-100).
Tips to Avoid This Scam
The Department of Revenue is encouraging Pennsylvanians to keep the following tips in mind to safeguard against this scam:
- Ensure You Are Speaking With Legitimate Representatives of the Department: This scam uses the Department of Revenue's name and logo to pose as a government entity. If you have any doubt at all about the legitimacy of a notice from the department, you should reach out to a department representative by using the Online Customer Service Center. This allows the taxpayer to securely submit a question through a process that is very similar to sending an email.
- Examine the Notice: This counterfeit notice used vague language to cast a wide net to lure in as many victims as possible. Examine the notice for identifying information that can be verified. Look for blatant factual errors and other inconsistencies. If the notice is unexpected and demands immediate action, take a moment, and verify its legitimacy.
- Conduct Research Online: Use the information in a potentially counterfeit notice, such as a name, address or telephone number, to conduct a search online. The Department of Revenue's website, revenue.pa.gov, is the best source to verify information contained in a legitimate notice from the department.
Steps To Follow if You Have a Question
If you are concerned about a potentially fraudulent notice, please visit the department's Verifying contact by the Department of Revenue webpage for verified phone numbers and contact information. This will help you ensure that you are speaking with a legitimate representative of the department.
Ever since Amazon took off and Facebook launched its marketplace, it seems like the only way to shop is online. Scammers have taken notice and they are constantly trying new schemes to trick careless online shoppers out of money or their private information. The latest scam on the digital marketplace involves payment apps and phony buyers on the Facebook Marketplace who "need" you to update your Zelle, CashApp, or other digital wallet in order to accept money from them.
Here's how it works...
After listing a big-ticket item on the Facebook Marketplace, you are contacted by a buyer who wants to pay using a peer-to-peer payment app. While recent reports reference Zelle, this scam can involve any digital wallet like CashApp, Venmo, or any similar service.
Shortly after receiving a payment, you get an email supposedly from whichever app you used to transfer money. The email will claim the buyer paid via a "business account" and state that you need to upgrade your account to business status to accept the transfer. The "buyer" will offer to send more money to cover the costs of this upgrade as long as you promise to refund them, sending screenshots of their digital wallet with the money deducted from their account. Then the scammer will begin pressuring you into repaying them for these phony fees.
Here's the rub: the initial payment was never sent in the first place! You'll be out a few hundred dollars and the scammer will disappear.
How to avoid scams when selling online:
Don't trust anyone offering to overpay. Unless your item is particularly rare and you receive multiple offers over the asking price, be wary of buyers offering you more than you're asking. People tend to shop online to save money, not overspend!
Check email addresses carefully. This goes for any email that you receive, but if you receive an email from a digital wallet company you use, be sure to double-check that the address is legitimate. Scammers will fake addresses that appear similar to official ones unless you look very closely.
Get to know your payment app's policies before use. If you receive a claim that you need to upgrade your account to accept payments, check the app's official website or contact customer service before spending or sending any money. Scammers often make up fake rules or policies to trick their victims.
When in doubt, back out. You are not obligated to accept an offer when selling on Facebook Marketplace. Keep an eye out for common red flags that you are being scammed and don't be afraid to block and/or report someone who you think might be trying to scam you or others.
Report scammers to Facebook Marketplace. If you spot a seller trying to pull off a scam or fall victim to one yourself, report them. Your report can help protect other users.
We have noticed a trend of increasing incidents of mail check fraud in our area in recent weeks. Mail check fraud occurs when a fraudster steals a check directly from your mailbox or the blue U.S. Post Office boxes and alters the amount on the check and/or the payee information on the check.
New Tripoli Bank recommends our customers take one of the following steps to avoid becoming the victim of mail check fraud:
- Set up online bill pay using our online or mobile banking tools, if you feel comfortable doing so. You can learn more about setting up automated bill pay here.
- If you want to continue mailing checks, we recommend you drop them off at your local Post Office or hand them directly to a USPS employee.
We also advise our customers to write their checks out in gel or felt tip pen to help prevent the check from being altered. If you plan to use a blue mailbox to mail checks, try to deposit your checks around the time of the last mail collection of the day so the check does not sit in the mailbox for long.
If you have been a victim of a scam, whether it be check fraud or another scam, please reach out to New Tripoli Bank at 610-298-8811 and we can help you. You can also contact the U.S. Postal Inspection Service at 1-877-876-2455 or visit https://www.uspis.gov/report to file a report.
According to a survey put out by Lending Tree, 56% of Americans donated to charity in 2021. That generosity supports the various organizations putting these donations to work for health care, education, environmental protection, the arts, and numerous other causes.
Unfortunately, it also opens the door for scammers who capitalize on the goodwill of American citizens to line their own greedy pockets.
Every year, we hear about new scams involving faux fundraising for things like veterans, disaster relief, and other charitable causes. Scammers know how a sad story about someone rebuilding after a hurricane or someone coming home after serving our country can turn off the skeptical parts of our brains and get us to open our hearts and wallets to them. Charity scammers are especially active during the holidays since it's the biggest giving season of the year.
Consumers can protect their contributions and prevent becoming a victim by learning how to identify a charity scam.
Red Flags for Charity Scams
- Similar Sounding Name – Scammers will often use names that sound similar to legitimate charities to intentionally create confusion for consumers.
- High Pressure – Fraudsters will try to force a hasty decision by creating an atmosphere of immediacy. They may cold call, identifying you as a previous giver, and ask you for renewed support or to update your credit card information. In these situations, they are attempting to catch you off-guard and extract your financial information.
- 100% Guarantee – Every organization has some level of administrative costs. While most people want to ensure their donations are going toward legitimate program expenses, an organization that promises 100% of your funds are going directly to an individual in need might require additional scrutiny.
- Donation via Wire Transfer or Gift Card – Legitimate charities will not ask you to make payments via money order, wire transfer, or gift cards. If you are asked to pay by these means, hang up immediately. Never provide the information from a gift card over the phone or email; after verifying the legitimacy of the charity, take any gift card donation directly to the location of the charity and request documentation of your contribution.
Here are some tips that can help you avoid falling prey to a charity scam:
- Always research before giving!
- Visit the PA Department of State's online charities database to verify an organization's financial information concerning expenses for program services, fundraising, and management.
- You can check to see if an organization has been subject to corrective action by the Bureau of Corporations and Charitable Organizations by checking its enforcement and disciplinary actions page.
- Check whether an organization is registered with the Internal Revenue Service as a Tax Exempt Organization.
- Groups such as the Better Business Bureau (BBB) Wise Giving Alliance, Charity Navigator, and CharityWatch offer information and ratings about charitable organizations.
- Don't feel pressured to make a donation on the spot. Take time and do your research before sharing personal or financial information or sending money.
- Check websites very closely. Scammers can direct you to fake charity websites where personal and financial information are taken for nefarious purposes.
- Avoid wire transfer, money order, or gift card donations. Any requests for these kinds of payments should send up immediate warning flags.
- Direct your payment to the charity. Never make a check payable to an individual; write the check to a verified organization.
If you think you've been the victim of a charity scam, you should contact the PA Department of State's Division of Charities Investigation Unit/Audits at RA-STBEICIU@pa.gov or use the online complaint form. You should also file a report with the Federal Trade Commission at https://ReportFraud.ftc.gov and contact local law enforcement through non-emergency channels.
The jugger's Dodge minivan pulling onto the street.
On November 18th around 11 AM, a bank jugging occurred at the ShopRite on Freemansburg Avenue in Bethlehem. The female victim had just left the Bank of America on Butztown Road and headed to the ShopRite. She was followed by the depicted Dodge minivan, which had been parked next to her vehicle at the bank, its occupant watching as she withdrew a sum of cash and put the envelope in her vehicle's glove box. Once at ShopRite, the person in the Dodge minivan waited for the victim to enter the store before exiting their minivan, smashing the victim's front passenger side window, and stealing the envelope.
If anyone has any information relative to this incident, please contact Inv. Fox at (610)-419-9646 or email at efox@bethlehemtwp.com.
This criminal act is referred to as "bank jugging." A criminal actor watches for people entering and leaving banks until they notice someone who they suspect has left the bank with cash on them. The actor then follows that person to their next location, before proceeding to take the money by force or breaking into the individual's car or home to steal the unattended cash.
The FBI offers several tips to avoid becoming a victim of bank jugging:
- Be on the lookout for individuals backed into parking spaces who do not exit their vehicle to conduct business.
- Be vigilant when using ATMs, as juggers typically target individuals using ATMs. However, individuals leaving the branch should exercise caution as they could also be targeted.
- Be vigilant when arriving and departing. Be aware of your surroundings and don’t leave your car or the building if you notice suspicious vehicles parked in or around the parking lot.
- Conceal your money before you leave the bank/credit union.
- Don't openly carry bank bags, envelopes or coin boxes.
- Watch for people following you.
- If you suspect you are being targeted/followed, call 911 and keep the dispatcher on the line to describe your location, where you are headed, etc. and keep driving until a marked police car finds you.
- Never leave a bank bag (hidden or not) in your car unattended.